64575519aa
This implements a global toggle `om_enable_rabbitmq_quorum_queues` to enable quorum queues for each service in RabbitMQ, similar to what was done for HA[0]. Quorum Queues are enabled by default. Quorum queues are more reliable, safer, simpler and faster than replicated mirrored classic queues[1]. Mirrored classic queues are deprecated and scheduled for removal in RabbitMQ 4.0[2]. Notice, that we do not need a new policy in the RabbitMQ definitions template, because their usage is enabled on the client side and can't be set using a policy[3]. Notice also, that quorum queues are not yet enabled in oslo.messaging for the usage of reply_ and fanout_ queues (transient queues). This will change once[4] is merged. [0]: https://review.opendev.org/c/openstack/kolla-ansible/+/867771 [1]: https://www.rabbitmq.com/quorum-queues.html [2]: https://blog.rabbitmq.com/posts/2021/08/4.0-deprecation-announcements/ [3]: https://www.rabbitmq.com/quorum-queues.html#declaring [4]: https://review.opendev.org/c/openstack/oslo.messaging/+/888479 Signed-off-by: Sven Kieske <kieske@osism.tech> Change-Id: I6c033d460a5c9b93c346e9e47e93b159d3c27830
269 lines
9.3 KiB
Django/Jinja
269 lines
9.3 KiB
Django/Jinja
[DEFAULT]
|
|
debug = {{ cinder_logging_debug }}
|
|
|
|
log_dir = /var/log/kolla/cinder
|
|
{% if service_name == "cinder-api" %}
|
|
log_file = cinder-api.log
|
|
{% endif %}
|
|
use_forwarded_for = true
|
|
|
|
# Set use_stderr to False or the logs will also be sent to stderr
|
|
# and collected by Docker
|
|
use_stderr = False
|
|
|
|
my_ip = {{ api_interface_address }}
|
|
|
|
volume_name_template = volume-%s
|
|
|
|
glance_api_servers = {{ glance_internal_endpoint }}
|
|
|
|
glance_num_retries = {{ groups['glance-api'] | length }}
|
|
glance_ca_certificates_file = {{ openstack_cacert }}
|
|
|
|
{% if cinder_enabled_backends %}
|
|
enabled_backends = {{ cinder_enabled_backends|map(attribute='name')|join(',') }}
|
|
{% endif %}
|
|
|
|
{% if service_name == "cinder-backup" and enable_cinder_backup | bool %}
|
|
{% if cinder_backup_driver == "ceph" %}
|
|
backup_driver = cinder.backup.drivers.ceph.CephBackupDriver
|
|
backup_ceph_conf = /etc/ceph/{{ cinder_backup_ceph_backend.cluster }}.conf
|
|
backup_ceph_user = {{ ceph_cinder_backup_user }}
|
|
backup_ceph_chunk_size = 134217728
|
|
backup_ceph_pool = {{ ceph_cinder_backup_pool_name }}
|
|
backup_ceph_stripe_unit = 0
|
|
backup_ceph_stripe_count = 0
|
|
restore_discard_excess_bytes = true
|
|
{% elif cinder_backup_driver == "nfs" %}
|
|
backup_driver = cinder.backup.drivers.nfs.NFSBackupDriver
|
|
backup_mount_options = {{ cinder_backup_mount_options_nfs }}
|
|
backup_mount_point_base = /var/lib/cinder/backup
|
|
backup_share = {{ cinder_backup_share }}
|
|
backup_file_size = 327680000
|
|
{% elif enable_swift | bool and cinder_backup_driver == "swift" %}
|
|
backup_driver = cinder.backup.drivers.swift.SwiftBackupDriver
|
|
backup_swift_url = {{ swift_internal_base_endpoint }}/v1/AUTH_
|
|
backup_swift_auth = per_user
|
|
backup_swift_auth_version = 1
|
|
backup_swift_user =
|
|
backup_swift_key =
|
|
{% elif cinder_backup_driver == "s3" %}
|
|
backup_driver = cinder.backup.drivers.s3.S3BackupDriver
|
|
backup_s3_endpoint_url = {{ cinder_backup_s3_url }}
|
|
backup_s3_store_bucket = {{ cinder_backup_s3_bucket }}
|
|
backup_s3_store_access_key = {{ cinder_backup_s3_access_key }}
|
|
backup_s3_store_secret_key = {{ cinder_backup_s3_secret_key }}
|
|
{% endif %}
|
|
{% endif %}
|
|
|
|
api_paste_config = /etc/cinder/api-paste.ini
|
|
|
|
auth_strategy = keystone
|
|
|
|
transport_url = {{ rpc_transport_url }}
|
|
|
|
[oslo_messaging_notifications]
|
|
transport_url = {{ notify_transport_url }}
|
|
{% if cinder_enabled_notification_topics %}
|
|
driver = messagingv2
|
|
topics = {{ cinder_enabled_notification_topics | map(attribute='name') | join(',') }}
|
|
{% else %}
|
|
driver = noop
|
|
{% endif %}
|
|
|
|
[oslo_messaging_rabbit]
|
|
heartbeat_in_pthread = {{ service_name == 'cinder-api' }}
|
|
{% if om_enable_rabbitmq_tls | bool %}
|
|
ssl = true
|
|
ssl_ca_file = {{ om_rabbitmq_cacert }}
|
|
{% endif %}
|
|
{% if om_enable_rabbitmq_high_availability | bool %}
|
|
amqp_durable_queues = true
|
|
{% endif %}
|
|
{% if om_enable_rabbitmq_quorum_queues | bool %}
|
|
rabbit_quorum_queue = true
|
|
{% endif %}
|
|
|
|
[oslo_middleware]
|
|
enable_proxy_headers_parsing = True
|
|
|
|
{% if cinder_policy_file is defined %}
|
|
[oslo_policy]
|
|
policy_file = {{ cinder_policy_file }}
|
|
{% endif %}
|
|
|
|
[nova]
|
|
interface = internal
|
|
auth_url = {{ keystone_internal_url }}
|
|
auth_type = password
|
|
project_domain_id = {{ default_project_domain_id }}
|
|
user_domain_id = {{ default_user_domain_id }}
|
|
region_name = {{ openstack_region_name }}
|
|
project_name = service
|
|
username = {{ nova_keystone_user }}
|
|
password = {{ nova_keystone_password }}
|
|
cafile = {{ openstack_cacert }}
|
|
|
|
[database]
|
|
connection = mysql+pymysql://{{ cinder_database_user }}:{{ cinder_database_password }}@{{ cinder_database_address }}/{{ cinder_database_name }}
|
|
connection_recycle_time = {{ database_connection_recycle_time }}
|
|
max_pool_size = {{ database_max_pool_size }}
|
|
max_retries = -1
|
|
|
|
[keystone_authtoken]
|
|
service_type = volume
|
|
# security fix, always validate service tokens
|
|
# see: https://security.openstack.org/ossa/OSSA-2023-003.html
|
|
# and: https://docs.openstack.org/cinder/zed/configuration/block-storage/service-token.html#troubleshooting
|
|
service_token_roles_required = true
|
|
service_token_roles = admin
|
|
www_authenticate_uri = {{ keystone_internal_url }}
|
|
auth_url = {{ keystone_internal_url }}
|
|
auth_type = password
|
|
project_domain_id = {{ default_project_domain_id }}
|
|
user_domain_id = {{ default_user_domain_id }}
|
|
project_name = service
|
|
username = {{ cinder_keystone_user }}
|
|
password = {{ cinder_keystone_password }}
|
|
cafile = {{ openstack_cacert }}
|
|
region_name = {{ openstack_region_name }}
|
|
|
|
memcache_security_strategy = ENCRYPT
|
|
memcache_secret_key = {{ memcache_secret_key }}
|
|
memcached_servers = {% for host in groups['memcached'] %}{{ 'api' | kolla_address(host) | put_address_in_context('memcache') }}:{{ memcached_port }}{% if not loop.last %},{% endif %}{% endfor %}
|
|
|
|
|
|
[oslo_concurrency]
|
|
lock_path = /var/lib/cinder/tmp
|
|
|
|
{% if enable_cinder_backend_lvm | bool %}
|
|
[{{ cinder_backend_lvm_name }}]
|
|
volume_group = {{ cinder_volume_group }}
|
|
volume_driver = cinder.volume.drivers.lvm.LVMVolumeDriver
|
|
volume_backend_name = {{ cinder_backend_lvm_name }}
|
|
target_helper = {{ cinder_target_helper }}
|
|
target_protocol = iscsi
|
|
{% endif %}
|
|
|
|
{% if cinder_backend_ceph | bool %}
|
|
{% for backend in cinder_ceph_backends %}
|
|
[{{ backend.name }}]
|
|
volume_driver = cinder.volume.drivers.rbd.RBDDriver
|
|
volume_backend_name = {{ backend.name }}
|
|
rbd_pool = {{ ceph_cinder_pool_name }}
|
|
rbd_ceph_conf = /etc/ceph/{{ backend.cluster }}.conf
|
|
rados_connect_timeout = 5
|
|
rbd_user = {{ ceph_cinder_user }}
|
|
rbd_cluster_name = {{ backend.cluster }}
|
|
rbd_keyring_conf = /etc/ceph/{{ backend.cluster }}.{{ ceph_cinder_keyring }}
|
|
rbd_secret_uuid = {{ cinder_rbd_secret_uuid }}
|
|
report_discard_supported = True
|
|
{% if backend.availability_zone is defined %}
|
|
backend_availability_zone = {{ backend.availability_zone }}
|
|
{% endif %}
|
|
{% endfor %}
|
|
{% endif %}
|
|
|
|
{% if enable_cinder_backend_nfs | bool %}
|
|
[{{ cinder_backend_nfs_name }}]
|
|
volume_driver = cinder.volume.drivers.nfs.NfsDriver
|
|
volume_backend_name = {{ cinder_backend_nfs_name }}
|
|
nfs_shares_config = /etc/cinder/nfs_shares
|
|
nfs_snapshot_support = True
|
|
nas_secure_file_permissions = False
|
|
nas_secure_file_operations = False
|
|
{% endif %}
|
|
|
|
{% if enable_cinder_backend_hnas_nfs | bool %}
|
|
[{{ cinder_backend_hnas_nfs_name }}]
|
|
volume_driver = cinder.volume.drivers.hitachi.hnas_nfs.HNASNFSDriver
|
|
nfs_shares_config = /home/cinder/nfs_shares
|
|
volume_backend_name = {{ hnas_nfs_backend }}
|
|
hnas_username = {{ hnas_nfs_username }}
|
|
hnas_password = {{ hnas_nfs_password }}
|
|
hnas_mgmt_ip0 = {{ hnas_nfs_mgmt_ip0 }}
|
|
|
|
hnas_svc0_volume_type = {{ hnas_nfs_svc0_volume_type }}
|
|
hnas_svc0_hdp = {{ hnas_nfs_svc0_hdp }}
|
|
{% endif %}
|
|
|
|
{% if cinder_backend_vmwarevc_vmdk | bool %}
|
|
[{{ cinder_backend_vmwarevc_vmdk_name }}]
|
|
volume_driver = cinder.volume.drivers.vmware.vmdk.VMwareVcVmdkDriver
|
|
vmware_host_ip = {{ vmware_vcenter_host_ip }}
|
|
vmware_host_username = {{ vmware_vcenter_host_username }}
|
|
vmware_host_password = {{ vmware_vcenter_host_password }}
|
|
vmware_cluster_name = {{ vmware_vcenter_cluster_name }}
|
|
vmware_insecure = True
|
|
{% endif %}
|
|
|
|
{% if cinder_backend_vmware_vstorage_object | bool %}
|
|
[{{ cinder_backend_vmware_vstorage_object_name }}]
|
|
volume_driver = cinder.volume.drivers.vmware.fcd.VMwareVStorageObjectDriver
|
|
vmware_host_ip = {{ vmware_vcenter_host_ip }}
|
|
vmware_host_username = {{ vmware_vcenter_host_username }}
|
|
vmware_host_password = {{ vmware_vcenter_host_password }}
|
|
vmware_cluster_name = {{ vmware_vcenter_cluster_name }}
|
|
vmware_insecure = True
|
|
{% endif %}
|
|
|
|
{% if enable_cinder_backend_quobyte | bool %}
|
|
[{{ cinder_backend_quobyte_name }}]
|
|
volume_driver = cinder.volume.drivers.quobyte.QuobyteDriver
|
|
quobyte_volume_url = quobyte://{{ quobyte_storage_host }}/{{ quobyte_storage_volume }}
|
|
{% endif %}
|
|
|
|
{% if enable_cinder_backend_pure_iscsi | bool %}
|
|
[{{ cinder_backend_pure_iscsi_name }}]
|
|
volume_backend_name = {{ pure_iscsi_backend }}
|
|
volume_driver = cinder.volume.drivers.pure.PureISCSIDriver
|
|
san_ip = {{ pure_san_ip }}
|
|
pure_api_token = {{ pure_api_token }}
|
|
{% endif %}
|
|
|
|
{% if enable_cinder_backend_pure_fc | bool %}
|
|
[{{ cinder_backend_pure_fc_name }}]
|
|
volume_backend_name = {{ pure_fc_backend }}
|
|
volume_driver = cinder.volume.drivers.pure.PureFCDriver
|
|
san_ip = {{ pure_san_ip }}
|
|
pure_api_token = {{ pure_api_token }}
|
|
{% endif %}
|
|
|
|
{% if enable_cinder_backend_pure_roce | bool %}
|
|
[{{ cinder_backend_pure_roce_name }}]
|
|
volume_backend_name = {{ pure_roce_backend }}
|
|
volume_driver = cinder.volume.drivers.pure.PureNVMEDriver
|
|
san_ip = {{ pure_san_ip }}
|
|
pure_api_token = {{ pure_api_token }}
|
|
{% endif %}
|
|
|
|
[privsep_entrypoint]
|
|
helper_command=sudo cinder-rootwrap /etc/cinder/rootwrap.conf privsep-helper --config-file /etc/cinder/cinder.conf
|
|
|
|
{% if enable_osprofiler | bool %}
|
|
[profiler]
|
|
enabled = true
|
|
trace_sqlalchemy = true
|
|
hmac_keys = {{ osprofiler_secret }}
|
|
connection_string = {{ osprofiler_backend_connection_string }}
|
|
{% endif %}
|
|
|
|
{% if enable_barbican | bool %}
|
|
[barbican]
|
|
auth_endpoint = {{ keystone_internal_url }}
|
|
barbican_endpoint_type = internal
|
|
verify_ssl_path = {{ openstack_cacert }}
|
|
{% endif %}
|
|
|
|
[coordination]
|
|
{% if cinder_coordination_backend == 'redis' %}
|
|
backend_url = {{ redis_connection_string }}
|
|
{% elif cinder_coordination_backend == 'etcd' %}
|
|
# NOTE(yoctozepto): we must use etcd3gw (aka etcd3+http) due to issues with alternative (etcd3) and eventlet (as used by cinder)
|
|
# see https://bugs.launchpad.net/kolla-ansible/+bug/1854932
|
|
# and https://review.opendev.org/466098 for details
|
|
# NOTE(jan.gutter): etcd v3.4 removed the default `v3alpha` api_version. Until
|
|
# tooz defaults to a newer version, we should explicitly specify `v3`
|
|
backend_url = etcd3+{{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ etcd_client_port }}?api_version=v3{% if openstack_cacert %}?ca_cert={{ openstack_cacert }}{% endif %}
|
|
{% endif %}
|